Cyber resilience: A foundation for digital transformation

Cyberattacks are inevitable. Close the cyber resilience loop.

Security protection has long hinged on the idea of detecting and blocking threats. This approach has been so common that many companies focus on malware detection while neglecting the policies that dictate what happens after an attack.

Study after study confirms that most organizations are nowhere near as good at cyber resilience as they need to be. When a cybersecurity event strikes, they spend far too much time, money and manpower trying to establish what happened, what damage it caused, and how to fix it – even as its implications spread throughout the business.

If we accept that cybersecurity attacks are inevitable, it goes without saying that true cyber resilience comes not only from our ability to detect and stop infections but from our response once a breach is suspected or confirmed.

The moment a cybersecurity strike hits your organization, the clock starts ticking. And once that clock starts ticking, the damage begins adding up – and rippling across the organization.

A broader response

Cyber resilience was a recurring theme as Microsoft brought its Summit event to Australia for the first time this year. Over the course of four days in November, more than 3000 IT professionals, developers, partners, and business users explored the many ways that digital transformation, innovation, and security exposure affect the way that businesses and organizations operate in the digital era.

This is why improving cyber resilience requires a broad, coordinated response that spans the organization’s many business areas. A ransomware attack might take down one or a dozen systems in a department, for example, but simply waiting on IT to fix the problem does nothing to help that department continue to function in the meantime.

Departmental managers should have clearly defined action plans to reassign key staff to working systems, as well as a clear indication of which systems and business processes will be affected in the event of a breach. This requires undergoing extensive mapping of interdependencies between systems, addressing both the applications the business relies upon and the communications methods used to access them.

Business managers must innately understand the relationship between their business functions and the systems that support them, and work proactively with IT to develop alternative plans that can help ensure the organization’s cyber resilience.

The Microsoft Summit included highlights from transformation leaders such as Microsoft corporate vice president for industry Toni Townes-Whitley, who reinforced the need for transformation to be continual, responsible and inclusive. These are all core elements of improving customer service, which itself lies at the core of every cyber resilience strategy: resilience, after all, is ultimately all about preserving an organization’s ability to serve its customers.

CSIRO chairman David Thodey, for one, talked about the importance of creating an environment of continuous reinvention, trust, and a leadership mindset rooted in continuous learning. Corporate technology users shared their insights into the growing importance of cloud platforms as core elements of their operational ecosystems.

Our colleague, Mimecast principal consultant Garrett O’Hara, talked about the way that a cohesive cyber-resilience strategy brings these elements together into a coherent whole. This, he said, requires business leaders to actively engage with their customers in business terms that make sense to them.

“Security people, by their nature, might not be the best people to write the communications that will win over the people on the front desk,” he said. “An email written by someone highly technical can cause people’s eyes to gloss over. That education piece needs to be done by people who understand messaging and education, as opposed to just relying on the IT teams.”

Cloud backup

Whereas resilience used to be based on an organization installing and managing two of everything, modern cloud-based architectures can improve cyber resilience without requiring massive infrastructure duplication.

Key applications and data can be set up in cloud services that are only spun up when needed – providing a rapid response capability if key systems are brought down for any appreciable period of time. And many cloud-based services offer what might be called real-time cyber resilience: since they are natively based in the cloud, they and their data remain continuously available regardless of any malware compromise at the enterprise end.

Managing the data offsite makes cyber resilience plans much easier to maintain. If an employee can shift from a ransomware-infected desktop to access key email, work files and databases from a cloud service, they can continue being productive – and maintaining the continuity of their business services – until the cybersecurity issue is remediated.

At its heart, O’Hara explained, cyber resilience relies on continuous reinforcement of the key messages around business continuity and risk management. “There is often a bit of confusion about how we fix these issues,” he said, “and there are many people potentially thinking they are not getting results – but it’s just an issue of how they have approached the education piece.

“You can’t run a one-day workshop and expect people to do the right thing; this education needs to happen regularly, and to become the norm within the company. It just becomes business as usual.”
